I am concerned about the recent bug affecting Skylake and Kaby Lake gen Intel 
processors - https://lists.debian.org/debian-devel/2017/06/msg00308.html

As BIOS updates aren't yet available from many mobo manufacturers, how can we 
Qubes users best defend ourselves against an exploit? In this post I am hoping 
to reach out to someone who may be able to comment on how we can best configure 
our platforms until a fix is available.

Following the advice in the linked Debian advisory, I have disabled 
hyper-threading in the BIOS settings. My questions are as follows:

1) When I check /proc/cpuinfo in dom0, 'ht' remains listed as a flag 
(capability). Running $ lscpu in dom0 indicates that 'Threads per core: 1' so I 
assume the BIOS has in fact disabled hyper-threading. Is this correct, or 
should the flag also disappear when functionality is disabled in BIOS settings?

2) Is it safe to run multiple VCPUs (up to the number of physical cores) for 
each Guest VM. Or, in light of this bug, should we only be using a single VCPU 
for each guest?

Many thanks in advance.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to